[messaging] The Simple Thing

On 10/03/2014 10:47 AM, Moxie Marlinspike wrote:
>> On 10/02/2014 03:25 AM, Ben Laurie wrote:
>> The difference is that with CT the user whose key changes necessarily
>> becomes aware that it has changed. In "the simple thing?" only the
>> targeted user of the key is aware of this change.
>> Yes, I think this is the only difference. Both worlds require the user
> (and only the user) to opt into knowing what a key is and how to monitor
> them. In the CT world, only the owner of a key is notified, after the
> fact, if their key has changed. In the simple thing world, you're
> notified in real time for anyone you intend to send a message to.
>> I'm not sure which world is objectively better, although I personally
> like the idea of being notified that what I *write* is being intercepted
> before it's sent, rather than whether what I *received* was intercepted
> after the fact.
>> Either way, I think the net effect is roughly the same, so the question
> I'm posing is whether it's worth incurring the complexity cost, spam
> questions, organizational overhead of finding third parties, and
> potential conspiracy theories that might come with CT-like system,
> rather than just doing the simple thing.
One difference between 'some-senders-verify-fingerprint-before-send'
(aka the simple thing world) and
'some-users-audit-endorsements-of-their-key' (the receiver,
after-the-fact world) is this: an auditing infrastructure allows for
greater automation of key validation (or so the advocates claim,
including myself).
In the simple thing, the general deterrent to attacking keys is the
chance that some sender might actually be verifying fingerprints. But
if, as you say, a recipient's public key will change a lot in practice,
then chances are low that many people will bother, since verifying
fingerprints will just mean they are not able to send a message much of
the time.
In the auditing-infrastructure thing, the hope is that user agents will
be written to smartly and automatically perform the auditing. Yes, it is
detection after the fact. The prediction is that the number of people
running an auditing user agent will be greater than the number of
senders doing fingerprint verification, and that this greater number
will provider greater deterrent against bogus key endorsements.
Also, receivers auditing their published keys does not preclude senders
from doing manual fingerprint verification. In fact, I think the two
models can work really well together, which is one of the key ideas in
https://pad.riseup.net/p/key-validation
-elijah